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CLAIMS 



1 . A method for processing of data that is to be 
5 protected, comprising the measure of storing the data 
as encrypted data element values ( DV ) in records ( P ) in 
a first database (O-DB), each data element value being 
linked to a corresponding data element type { DT ) , 
characterised by the steps of 

10 storing in a second database ( IAM-DB ) a data element 

protection catalogue ( DC ) , which for each individual data 
element type ( DT ) contains one or more protection attri- 
butes stating processing rules for data element values 
(DV), which in the first database (0-DB) are linked to 

15 the individual data element type (DT), 

for each user-initiated measure aiming at processing 
of a given data element value (DV) in the first database 
(0-DB), initially producing a compelling calling to the 
data element protection catalogue for collecting the pro- 

20 tection attribute/ attributes associated with the corre- 
sponding data element type, and 

compellingly controlling the user's processing of 
the given data element value in conformity with the col- 
lected protection attribute/attributes. 

25 2. A method as claimed in claim 1, further compris- 

ing the measure of storing the protection 

attribute/ attributes of the data element protection cata- 
logue (DC) in encrypted form in the second database 
(IAM-DB) and, when collecting protection attribute/ attri- 

30 butes from the data element protection catalogue (DC) 
effecting decryption thereof. 

3 . A method as claimed in any one of the preceding 
claims, wherein each record (P) in the first database 
(O-DB) has a record identifier, and wherein the method 

35 further comprises the measure of storing the record iden- 
tifier in encrypted form (SID) in the first database 
(0-DB) . 
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4. A method as claimed in any one of the preceding 
claims, wherein the encryption of data in the first data- 
base (O-DB) and/or the encryption of data in the second 
database ( IAM-DB ) is carried out in accordance with the 

5 PTY principle with floating storage identity. 

5 . A method as claimed in any one of the preceding 
claims, wherein the protection attribute/attributes of 
the data element types comprise attributes stating rules 
for encryption of the corresponding data element values 

10 in the first database (O-DB). 

6 . A method as claimed in any one of the preceding 
claims, wherein the protection attribute/attributes of 
the data element types comprise attributes stating rules 
for which program/programs or program versions is/are 

15 allowed to be used for managing the corresponding data 
element values in the first database (O-DB). 

7 . A method as claimed in any one of the preceding 
claims, wherein the protection attribute/attributes of 
the data element values comprise attributes stating rules 

20 for logging the corresponding data element values in the 
first database (O-DB). 

8 . An apparatus for processing data that is to be 
protected, comprising a first database (O-DB) for stor- 
ing said data as encrypted data element values (DV) in 

25 records ( P ) , each data element value being linked to 
a corresponding data element type (DT), charac- 
terised by 

a second database ( IAM-DB ) for storing a data ele- 
ment protection catalogue ( DC ) , which for each individual 

30 data element type (DT) contains one or more protection 
attributes stating processing rules for data element 
values (DV), which in the first database (O-DB) are 
linked to the individual data element type ( DT ) , 

means which are adapted, in each user- initiated mea- 

35 sure aiming at processing a given data element value (DV) 
in the first database (O-DB), to initially produce a 
compelling calling to the data element protection cata- 
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logue for collecting the protection attribute/attributes 
associated with the corresponding data element types, and 

means which are adapted to compellingly control the 
user's processing of the given data element value in con- 
5 formity with the collected protection attribute/attri- 
butes . 



